Detections
Analytics
Winamp < 5.60 Multiple Vulnerabilities
medium Nessus Network Monitor Plugin ID 5717
Synopsis
The remote host has a media player installed that is vulnerable to multiple attack vectors.Description
The remote host is running Winamp, a media player for Windows.Versions of Winamp earlier than 5.6 are potentially affected by multiple vulnerabilities :
- An integer overflow vulnerability exists in the 'in_nsv.dll' plugin when parsing the table of contents of a NullSoft Video (NSV) stream or file. (CVE-2010-2586)
- A heap-base buffer overflow vulnerability exists in the 'in_midi.dll' plugin when parsing MIDI content. (CVE-2010-4370)
- A buffer overflow vulnerability exists in the 'in_mod' plugin and is related to the comment box. (CVE-2010-4371)
- An integer overflow vulnerability exists in the 'in_nsv plugin due to improper memory allocation for Nullsoft Video (NSV) metadata. (CVE-2010-4372)
- An error exists in the 'in_mp4' plugin which allows remote attackers to use either crafted metadata or album art in an MP4 file to cause a denial of service. (CVE-2010-4373)
- An error exists in the 'in_mkv' plugin which allows remote attackers to use a crafted Matroska Video (MKV) file to cause a denial of service. (CVE-2010-4374)
Solution
Upgrade to Winamp 5.60 or later.See Also
Plugin Details
Severity: Medium
ID: 5717
Family: Generic
Published: 10/27/2010
Updated: 3/6/2019
Nessus ID: 50846
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS v3
Risk Factor: Medium
Base Score: 5.6
Temporal Score: 4.9
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:nullsoft:winamp
Patch Publication Date: 10/8/2010
Vulnerability Publication Date: 1/31/2010
Reference Information
CVE: CVE-2010-2586, CVE-2010-4370, CVE-2010-4371, CVE-2010-4372, CVE-2010-4373, CVE-2010-4374
BID: 45097